From Shellcode to Assembly

It is common to have a really interesting shellcode but not its corresponding assembly instructions. This is definitely not a new problem. Of course you can retrieve the assembly code as long as you know for what platform was this shellcode being designed.

So, let’s assume that you have a really simple shellcode such as this:

\x31\xc0\x40\x89\xc3\xcd\x80

Yeah, this is a simple exit() system call for Linux / x86 platforms. Since this is valid machine code you can print it in a file and there you have a 100% correct object code file, so:

The -b option specifies the mode, which in this case is 32bit. Of course, this is a simple match of machine code instructions to equivalent assembly mnemonics, but this is what we want :P If you wonder what was the original shellcode (you shouldn’t be since you saw the output of ndisasm) then, here it is:

@axjslack: There is a very simple, yet beautiful C code that typo of TESO wrote a few years ago that simply iterates through the object file bytes and prints them out which you can find here:http://packetstormsecurity.org/groups/teso/outp.c
Or you could simply do something like this in bash shell: